Hi,
which programs should I use to rid my computer of this vermin?
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Hry\SOSE\Stardock\Impulse\Skin\Chat\ImpulseDark\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Hry\SOSE\Stardock\Impulse\Skin\Chat\Simple\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Hry\SOSE\Stardock\Impulse\Skin\Icons\Community\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Hry\SOSE\Stardock\Impulse\Skin\Icons\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Hry\SOSE\Stardock\Impulse\Skin\Images\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Hry\SOSE\Stardock\Impulse\Skin\Images\GamesPane\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Hry\SOSE\Stardock\Impulse\Skin\Images\More\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Hry\SOSE\Stardock\Impulse\Skin\ImagesFrame\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Hry\SOSE\Stardock\Impulse\Skin\ImagesFrame\AMD\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Hry\SOSE\Stardock\Impulse\Skin\ImagesFrame\AMDGame\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Hry\SOSE\Stardock\Impulse\Skin\ImagesFrame\BetaNews\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Hry\SOSE\Stardock\Impulse\Skin\ImagesFrame\Neowin\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Hry\SOSE\Stardock\Impulse\Skin\Impulse_Login\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Hry\SOSE\Stardock\Impulse\Web\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Documents and Settings\All Users\Data aplikací\Stardock\Impulse\data\public\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Documents and Settings\All Users\Data aplikací\Stardock\Impulse\data\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Documents and Settings\All Users\Data aplikací\Stardock\Impulse\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Documents and Settings\All Users\Data aplikací\Stardock\Impulse\InstalledXML\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".iso". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "Unique_is1". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "Windows XP Service Pack". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{90120000-0010-0409-0000-0000000FF1CE}". Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Data D\Alcohol 120\Alcohol[1].BetaMaster.rar je infikovaný virem Trojan.Generic.514414 (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Data D\Alcohol 120\keymaker.exe je infikovaný virem Trojan.Generic.514414 (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Data D\Alcohol 120\patch_ssc.exe je infikovaný virem Trojan.Generic.748171 (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Data D\cain10b.zip je infikovaný virem Trojan.Cain.A (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Data D\Nero-7.5.9.0_csy_no_atb.exe je infikovaný virem THREAT_TYPE_ARCHBOMB (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Data D\registry[1].medic.4.0.build.1024.cracked-tsrh.zip je infikovaný virem Backdoor.Generic.52822 (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Data D\Registry_Medic_4.0_Build_1024.zip je infikovaný virem Backdoor.Generic.52822 (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\DataD\Style_XP_3.13.zip je infikovaný virem Application.Keygen.Xpstyle.H (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\DataD\x\StyleXP_v1.0_Keygen.zip je infikovaný virem Application.Crack.Stylexp.B (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\DataD\x\Style_XP_3.13.zip je infikovaný virem Application.Keygen.Xpstyle.H (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\DataD\x\Style_XP_v1.0_keygen_by_ECLiPSE.zip je infikovaný virem Application.Crack.Stylexp.B (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\DataD\xp\StyleXP_All_Versions_Keygen.zip je infikovaný virem Application.Crack.Stylexp.B (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\Sawyer\Local Settings\Temp\SystemRequirementsLabx.exe je infikovaný virem Trojan.Zlob.48880 (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Documents and Settings\Sawyerr_1\My Documents\Morpheus Shared\Downloads\.btdownloads\Transformers.The.Game-RELOADED\rld-trfs.rar je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Hry\Command And Conquer Kanes Wrath\#readme#\CC3-dummy\CNC3.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Hry\FlashEXEBuilder10.exe je infikovaný virem Trojan.Generic.1215308 (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Hry\generals\ext_ccgens107_shaikh.zip je infikovaný virem Trojan.Horse.XB (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Photoshop\Adobe[1].Flash.CS3.Keymaker.Only-ZWT.zip je infikovaný virem Trojan.Generic.62956 (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor I:\AUTORUN.INF je infikovaný virem Fujack !! Provedené akce: No Action Taken.
Please advise on a log from MWAV (Solved)
Re: Please advise on a log from MWAV
I'll put it this way: don't download software from unknown sites, especially the .ru ones.
- jaro3
- Security team member
- Guru Level 15
- Posts: 43293
- Registered: June 07
- Location: Jižní Čechy
- Status: Offline
Re: Please advise on a log from MWAV
Find and delete the items marked in bold:
C:\Data D\Alcohol 120\Alcohol[1].BetaMaster.rar
C:\Data D\Alcohol 120\keymaker.exe
C:\Data D\Alcohol 120\patch_ssc.exe
C:\Data D\cain10b.zip
C:\Data D\registry[1].medic.4.0.build.1024.cracked-tsrh.zip
C:\Data D\Registry_Medic_4.0_Build_1024.zip
C:\DataD\Style_XP_3.13.zip
C:\DataD\x\StyleXP_v1.0_Keygen.zip
C:\DataD\x\Style_XP_3.13.zip
C:\DataD\x\Style_XP_v1.0_keygen_by_ECLiPSE.zip
C:\DataD\xp\StyleXP_All_Versions_Keygen.zip
C:\Documents and Settings\Sawyer\Local Settings\Temp\SystemRequirementsLabx.exe
C:\Hry\FlashEXEBuilder10.exe
C:\Hry\generals\ext_ccgens107_shaikh.zip
C:\Photoshop\Adobe[1].Flash.CS3.Keymaker.Only-ZWT.zip
Post the HJT log here:
viewtopic.php?f=70&t=5119
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Support the forum
Re: Please advise on a log from MWAV
Here is the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:26:52, on 29.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\Data D\Ad-Aware SE Personal\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Data D\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Data D\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.utorrent.com/testport.php?port=8000
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{0778CFBE-23CA-475F-AEB9-3AB154119DC6}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0778CFBE-23CA-475F-AEB9-3AB154119DC6}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0778CFBE-23CA-475F-AEB9-3AB154119DC6}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{0778CFBE-23CA-475F-AEB9-3AB154119DC6}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Data D\Ad-Aware SE Personal\aawservice.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Data D\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
--
End of file - 6332 bytes
Re: Please advise on a log from MWAV
And I don't understand why my Kaspersky didn't detect them; I always scan those files before I open them and it found nothing, so I assumed they were fine....
They aren't some kind of deadly nasties, are they?
- jaro3
- Security team member
Re: Please advise on a log from MWAV
Turn off the resident protection of your antivirus (Kaspersky).
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes (Ano) button
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log, C:\ComboFix.txt; please copy its entire contents here
Re: Please advise on a log from MWAV
Here is the ComboFix log:
ComboFix 09-01-21.04 - Tony Stark 2009-01-29 15:36:08.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.3326.2944 [GMT 1:00]
Spuštěný z: c:\documents and settings\Tony Stark\Plocha\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
.
((((((((((((((((((((((((( Soubory vytvořené od 2008-12-28 do 2009-01-29 )))))))))))))))))))))))))))))))
.
2009-01-29 00:10 . 2009-01-29 00:10 0 --a------ C:\23990098.$$$
2009-01-28 22:16 . 2009-01-28 22:16 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\MicroWorld
2009-01-28 22:16 . 2009-01-28 22:16 626,688 --a------ c:\windows\system32\msvcr80.dll
2009-01-28 22:16 . 2009-01-28 22:16 548,864 --a------ c:\windows\system32\msvcp80.dll
2009-01-28 22:16 . 2008-04-14 08:52 147,968 --a------ c:\windows\R.COM
2009-01-28 22:16 . 2008-04-14 08:52 137,216 --a------ c:\windows\system32\T.COM
2009-01-28 22:16 . 2009-01-28 22:16 28,672 --a------ c:\windows\system32\eEmpty.exe
2009-01-28 22:16 . 2005-09-22 23:22 522 --a------ c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-01-28 22:16 . 2009-01-28 22:31 54 --a------ c:\windows\Lic.xxx
2009-01-28 21:06 . 2009-01-28 21:06 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\GlarySoft
2009-01-28 21:06 . 2009-01-28 21:06 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\GlarySoft
2009-01-28 19:45 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-28 19:45 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-01-28 19:36 . 2009-01-28 19:41 <DIR> d-------- c:\windows\LastGood(2)
2009-01-28 19:36 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-01-28 19:19 . 2009-01-28 20:59 <DIR> d-------- c:\program files\Windows Media Connect 2
2009-01-26 19:33 . 2009-01-26 19:33 <DIR> d-------- c:\documents and settings\Tony Stark\Data aplikací\LANGMaster
2009-01-26 15:03 . 2009-01-26 15:21 <DIR> d-------- c:\windows\NV35601280.TMP
2009-01-26 14:51 . 2009-01-26 14:51 <DIR> d-------- c:\program files\SystemRequirementsLab
2009-01-25 21:03 . 2004-08-17 16:49 219,648 --a------ c:\windows\system32\uxtheme.dll
2009-01-25 19:18 . 2009-01-28 21:00 1,374 --a------ c:\windows\imsins.BAK
2009-01-25 18:09 . 2007-01-05 21:33 8,257,536 -----c--- c:\windows\system32\dllcache\wmploc.dll
2009-01-25 18:08 . 2008-04-14 00:10 10,240 --------- c:\windows\system32\drivers\sffp_mmc.sys
2009-01-25 18:07 . 2004-07-17 11:40 19,528 --a------ c:\windows\000001_.tmp
2009-01-25 17:26 . 2009-01-25 17:26 <DIR> d---s---- c:\documents and settings\Sawyer\UserData
2009-01-25 14:20 . 2009-01-25 17:22 407 --a------ c:\windows\BRWMARK.INI
2009-01-25 10:57 . 2009-01-25 11:33 <DIR> d-------- c:\documents and settings\Sawyer\Plocha
2009-01-25 10:57 . 2009-01-17 00:43 <DIR> d--h----- c:\documents and settings\Sawyer\Okolní tiskárny
2009-01-25 10:57 . 2009-01-28 20:02 <DIR> d--h----- c:\documents and settings\Sawyer\Okolní síť
2009-01-25 10:57 . 2009-01-25 18:21 <DIR> dr------- c:\documents and settings\Sawyer\Oblíbené položky
2009-01-25 10:57 . 2009-01-25 11:01 <DIR> d--h----- c:\documents and settings\Sawyer\Šablony
2009-01-25 10:57 . 2009-01-25 11:15 <DIR> dr------- c:\documents and settings\Sawyer\Nabídka Start
2009-01-25 10:57 . 2009-01-28 21:00 <DIR> dr------- c:\documents and settings\Sawyer\Dokumenty
2009-01-25 10:57 . 2009-01-28 21:06 <DIR> dr-h----- c:\documents and settings\Sawyer\Data aplikací
2009-01-25 10:57 . 2009-01-28 19:32 <DIR> d-------- c:\documents and settings\Sawyer
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Lavasoft
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Lavasoft
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Ironclad Games
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Ironclad Games
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\ICQLite
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\ICQLite
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\ICQ
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\ICQ
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\IcoFX
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\IcoFX
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Hamachi
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Hamachi
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\GRETECH
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\GRETECH
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\DAEMON Tools
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\DAEMON Tools
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Command & Conquer 3 Tiberium Wars
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Command & Conquer 3 Tiberium Wars
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Command & Conquer 3 Kane's Wrath
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Command & Conquer 3 Kane's Wrath
2009-01-25 10:35 . 2009-01-25 10:35 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\nView_Profiles
2009-01-25 10:35 . 2009-01-25 10:35 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\nView_Profiles
2009-01-25 10:35 . 2009-01-25 10:35 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\My The Lord of the Rings, The Rise of the Witch-king Files
2009-01-25 10:35 . 2009-01-25 10:35 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\My The Lord of the Rings, The Rise of the Witch-king Files
2009-01-25 10:35 . 2009-01-25 10:35 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\My Battle for Middle-earth(tm) II Files
2009-01-25 10:35 . 2009-01-25 10:35 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\My Battle for Middle-earth(tm) II Files
2009-01-25 10:35 . 2009-01-25 10:35 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\My Battle for Middle-earth Files
2009-01-25 10:35 . 2009-01-25 10:35 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\My Battle for Middle-earth Files
2009-01-25 10:34 . 2009-01-25 10:34 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\WorldShift
2009-01-25 10:34 . 2009-01-25 10:34 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\WorldShift
2009-01-25 10:34 . 2009-01-28 21:10 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\uTorrent
2009-01-25 10:34 . 2009-01-28 21:10 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\uTorrent
2009-01-25 10:34 . 2009-01-25 10:34 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\teamspeak2
2009-01-25 10:34 . 2009-01-25 10:34 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\teamspeak2
2009-01-25 10:34 . 2009-01-25 10:34 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Spybot - Search & Destroy
2009-01-25 10:34 . 2009-01-25 10:34 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Spybot - Search & Destroy
2009-01-25 10:34 . 2009-01-25 10:34 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Skype
2009-01-25 10:34 . 2009-01-25 10:34 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Skype
2009-01-25 10:34 . 2009-01-25 10:34 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\QIP
2009-01-25 10:34 . 2009-01-25 10:34 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\QIP
2009-01-25 10:30 . 2009-01-25 10:30 <DIR> d-------- c:\documents and settings\Sawyer\dwhelper
2009-01-25 10:29 . 2009-01-25 11:01 <DIR> d-------- c:\documents and settings\Tony Stark\Sawyer
2009-01-25 09:45 . 2009-01-28 22:30 <DIR> d-------- c:\documents and settings\Tony Stark\Data aplikací\uTorrent
2009-01-24 10:30 . 2009-01-24 10:39 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Stardock
2009-01-24 10:30 . 2009-01-24 10:30 <DIR> d--h-c--- c:\documents and settings\All Users\Data aplikací\{CC8D4389-E989-40EE-AF09-2330B1EE8BF7}
2009-01-20 19:24 . 2009-01-20 19:24 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-01-20 19:21 . 2009-01-20 19:21 22,328 --a------ c:\documents and settings\Tony Stark\Data aplikací\PnkBstrK.sys
2009-01-20 19:20 . 2009-01-20 19:20 2,250,024 --a------ c:\windows\system32\pbsvc.exe
2009-01-20 19:17 . 2009-01-20 19:17 0 --a------ c:\windows\nsreg.dat
2009-01-19 18:02 . 2009-01-19 18:02 <DIR> d-------- c:\program files\Codec Pack - All In 1
2009-01-19 18:02 . 2009-01-19 18:02 737,280 --a------ c:\windows\iun6002.exe
2009-01-18 22:20 . 2009-01-18 22:20 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-01-18 18:39 . 2009-01-18 18:47 <DIR> d-------- c:\program files\Screaming Bee
2009-01-18 18:34 . 2009-01-18 18:34 <DIR> d-------- c:\program files\Common Files\Screaming Bee
2009-01-18 18:29 . 2009-01-18 18:30 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Screaming Bee
2009-01-18 12:47 . 2009-01-18 12:48 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Lavasoft
2009-01-18 12:23 . 2008-02-22 12:30 334,792 --a------ c:\windows\system32\_AxShlEx.dll
2009-01-18 11:50 . 2009-01-18 11:51 <DIR> d-------- c:\program files\Google
2009-01-17 21:21 . 2009-01-17 21:21 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Iomatic
2009-01-17 21:12 . 2009-01-17 21:12 <DIR> d-------- c:\documents and settings\Tony Stark\Data aplikací\GlarySoft
2009-01-17 21:10 . 2005-12-05 18:07 63,696 --a------ c:\windows\system32\dxdllreg.exe
2009-01-17 21:10 . 2002-12-12 00:14 12,288 --a------ c:\windows\system32\ksolay.ax
2009-01-17 21:10 . 2008-04-14 00:09 5,504 --a------ c:\windows\system32\drivers\mstee.sys
2009-01-17 21:05 . 2009-01-17 21:05 <DIR> d-------- c:\documents and settings\Tony Stark\Data aplikací\DAEMON Tools
2009-01-17 21:03 . 2009-01-29 15:02 <DIR> d-------- c:\documents and settings\Tony Stark\Plocha
2009-01-17 21:03 . 2009-01-17 00:43 <DIR> d--h----- c:\documents and settings\Tony Stark\Okolní tiskárny
2009-01-17 21:03 . 2009-01-17 00:43 <DIR> d--h----- c:\documents and settings\Tony Stark\Okolní síť
2009-01-17 21:03 . 2009-01-25 19:24 <DIR> dr------- c:\documents and settings\Tony Stark\Oblíbené položky
2009-01-17 21:03 . 2009-01-16 23:46 <DIR> d--h----- c:\documents and settings\Tony Stark\Šablony
2009-01-17 21:03 . 2009-01-17 00:43 <DIR> dr------- c:\documents and settings\Tony Stark\Nabídka Start
2009-01-17 21:03 . 2009-01-29 14:39 <DIR> dr------- c:\documents and settings\Tony Stark\Dokumenty
2009-01-17 21:03 . 2009-01-26 19:33 <DIR> dr-h----- c:\documents and settings\Tony Stark\Data aplikací
2009-01-17 21:03 . 2009-01-29 15:31 <DIR> d-------- c:\documents and settings\Tony Stark
2009-01-17 18:50 . 2009-01-17 18:54 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-01-17 18:49 . 2009-01-17 19:00 <DIR> d-------- c:\windows\NV28122852.TMP
2009-01-17 17:31 . 2009-01-17 17:31 25,280 --a------ c:\windows\system32\drivers\hamachi.sys
2009-01-17 16:17 . 2008-04-14 08:51 82,432 --a------ c:\windows\system32\cnbjmon2.dll
2009-01-17 16:17 . 2008-04-14 08:51 82,432 --a------ c:\windows\system32\cnbjmon2(2).dll
2009-01-17 16:17 . 2001-10-24 11:15 50,486 --a------ c:\windows\system32\CNBJHLP2.HLP
2009-01-17 16:17 . 2001-10-24 11:15 1,216 --a------ c:\windows\system32\CNBJHLP2.CNT
2009-01-17 15:59 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-01-17 15:58 . 2009-01-17 15:58 <DIR> d-------- c:\program files\Microsoft Works
2009-01-17 15:57 . 2009-01-17 15:57 <DIR> d-------- c:\program files\Microsoft.NET
2009-01-17 15:55 . 2009-01-17 15:57 <DIR> d-------- c:\windows\SHELLNEW
2009-01-17 15:55 . 2009-01-17 15:55 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2009-01-17 15:55 . 2009-01-17 15:59 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-01-17 15:54 . 2009-01-17 15:54 <DIR> dr-h----- C:\MSOCache
2009-01-17 15:00 . 2009-01-17 00:47 211 -rahs---- C:\BOOT.BKK
2009-01-17 14:24 . 2009-01-17 14:24 <DIR> d-------- c:\windows\system32\drivers\umdf
2009-01-17 14:23 . 2009-01-17 14:23 <DIR> d-------- c:\windows\system32\xlive
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-25 11:05 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-25 11:04 16,608 ----a-w c:\windows\gdrv.sys
2009-01-16 23:16 --------- d-----w c:\program files\Creative
2009-01-16 23:16 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-16 23:14 --------- d-----w c:\program files\Browser Configuration Utility
2009-01-16 23:13 --------- d-----w c:\program files\Realtek
2009-01-16 23:12 315,392 ----a-w c:\windows\HideWin.exe
2009-01-16 23:07 --------- d-----w c:\program files\Intel
2009-01-16 22:48 558,142 ----a-w c:\windows\java\Packages\Q71FRZ9J.ZIP
2009-01-16 22:48 155,995 ----a-w c:\windows\java\Packages\5RJPBPNP.ZIP
2009-01-16 22:48 --------- d-----w c:\program files\microsoft frontpage
2008-12-25 23:08 453,152 ----a-w c:\windows\system32\nvudisp.exe
2008-12-23 20:58 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-12-10 08:45 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
2008-12-04 08:28 24,344 ----a-w c:\windows\system32\PhysXDevice.dll
2008-11-26 07:55 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
2008-11-25 07:38 288,024 ----a-w c:\windows\system32\PhysXCompatCplUI.exe
2008-11-22 10:46 1,222,745 ----a-w C:\1195571164_sb_maturitnotzky.zip
2008-11-11 19:00 218,376 ----a-w c:\windows\system32\klogon.dll
.
((((((((((((((((((((((((((((( snapshot@2009-01-29_15.24.53.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-29 14:11:47 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-29 14:33:14 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-29 14:11:47 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-29 14:33:14 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-29 14:11:48 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-29 14:33:14 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-29 14:09:57 7,533,600 --sha-w c:\windows\system32\drivers\fidbox.dat
+ 2009-01-29 14:31:26 7,533,600 --sha-w c:\windows\system32\drivers\fidbox.dat
- 2009-01-29 14:09:57 753,696 --sha-w c:\windows\system32\drivers\fidbox2.dat
+ 2009-01-29 14:31:26 753,696 --sha-w c:\windows\system32\drivers\fidbox2.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-11-11 206088]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 c:\windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 c:\windows\alcwzrd.exe]
"nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\program files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 2006-05-24 19:31 1372160 c:\program files\TGTSoft\StyleXP\StyleXP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RTHDCPL"=RTHDCPL.EXE
"UpdReg"=c:\windows\UpdReg.EXE
"WINDVDPatch"=CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Data D\\uTorrent\\utorrent.exe"=
"e:\\HRY\\gta4\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"e:\\HRY\\gta4\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"e:\\HRY\\gta4\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\QIP\\qip.exe"=
"c:\\Hry\\hamachi\\hamachi.exe"=
"e:\\HRY\\bfme2\\game.dat"=
"e:\\HRY\\FarCry2\\Far Cry 2\\bin\\FarCry2.exe"=
"e:\\HRY\\FarCry2\\Far Cry 2\\bin\\FC2Launcher.exe"=
"e:\\HRY\\FarCry2\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Hry\\Skype\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2002-09-23 69120]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-01-17 23064]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\datad\everest\EVEREST Ultimate Edition\kerneld.wnt [2009-01-17 23152]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.utorrent.com/testport.php?port=8000
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {0778CFBE-23CA-475F-AEB9-3AB154119DC6} = 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Tony Stark\Data aplikací\Mozilla\Firefox\Profiles\a2gve7qv.default\
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-29 15:38:33
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
"ImagePath"="\??\c:\datad\everest\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
Celkový čas: 2009-01-29 15:40:26
ComboFix-quarantined-files.txt 2009-01-29 14:40:20
ComboFix2.txt 2009-01-29 14:26:13
Před spuštěním: Volných bajtů: 39 398 879 232
Po spuštění: Volných bajtů: 39,377,264,640
267
- jaro3
- member of the Security team
Re: asking for advice with a log from MWAV
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
Note: Do not use the SELECT ALL function to select the script.
File::
c:\windows\imsins.BAK
c:\windows\000001_.tmp
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000000
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the CFScript.txt script you created with the mouse, move it over the downloaded ComboFix.exe program and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that comes up at the end of the cleaning process + a new HJT log
Test this on VirusTotal
c:\windows\java\Packages\Q71FRZ9J.ZIP
c:\windows\java\Packages\5RJPBPNP.ZIP
Then post the links to the results here.
You probably know this one:
C:\1195571164_sb_maturitnotzky.zip
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: asking for advice with a log from MWAV
new ComboFix log
ComboFix 09-01-21.04 - Sawyer 2009-01-29 16:56:03.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.3326.2829 [GMT 1:00]
Spuštěný z: c:\documents and settings\Sawyer\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Sawyer\Plocha\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Vytvořen nový Bod Obnovení
FILE ::
c:\windows\000001_.tmp
c:\windows\imsins.BAK
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\000001_.tmp
c:\windows\imsins.BAK
.
((((((((((((((((((((((((( Soubory vytvořené od 2008-12-28 do 2009-01-29 )))))))))))))))))))))))))))))))
.
2009-01-29 00:10 . 2009-01-29 00:10 0 --a------ C:\23990098.$$$
2009-01-28 22:16 . 2009-01-28 22:16 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\MicroWorld
2009-01-28 22:16 . 2009-01-28 22:16 626,688 --a------ c:\windows\system32\msvcr80.dll
2009-01-28 22:16 . 2009-01-28 22:16 548,864 --a------ c:\windows\system32\msvcp80.dll
2009-01-28 22:16 . 2008-04-14 08:52 147,968 --a------ c:\windows\R.COM
2009-01-28 22:16 . 2008-04-14 08:52 137,216 --a------ c:\windows\system32\T.COM
2009-01-28 22:16 . 2009-01-28 22:16 28,672 --a------ c:\windows\system32\eEmpty.exe
2009-01-28 22:16 . 2005-09-22 23:22 522 --a------ c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-01-28 22:16 . 2009-01-28 22:31 54 --a------ c:\windows\Lic.xxx
2009-01-28 21:06 . 2009-01-28 21:06 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\GlarySoft
2009-01-28 21:06 . 2009-01-28 21:06 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\GlarySoft
2009-01-28 19:45 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-28 19:45 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-01-28 19:36 . 2009-01-28 19:41 <DIR> d-------- c:\windows\LastGood(2)
2009-01-28 19:36 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-01-28 19:19 . 2009-01-28 20:59 <DIR> d-------- c:\program files\Windows Media Connect 2
2009-01-26 19:33 . 2009-01-26 19:33 <DIR> d-------- c:\documents and settings\Tony Stark\Data aplikací\LANGMaster
2009-01-26 15:03 . 2009-01-26 15:21 <DIR> d-------- c:\windows\NV35601280.TMP
2009-01-26 14:51 . 2009-01-26 14:51 <DIR> d-------- c:\program files\SystemRequirementsLab
2009-01-25 21:03 . 2004-08-17 16:49 219,648 --a------ c:\windows\system32\uxtheme.dll
2009-01-25 18:09 . 2007-01-05 21:33 8,257,536 -----c--- c:\windows\system32\dllcache\wmploc.dll
2009-01-25 18:08 . 2008-04-14 00:10 10,240 --------- c:\windows\system32\drivers\sffp_mmc.sys
2009-01-25 17:26 . 2009-01-25 17:26 <DIR> d---s---- c:\documents and settings\Sawyer\UserData
2009-01-25 14:20 . 2009-01-25 17:22 407 --a------ c:\windows\BRWMARK.INI
2009-01-25 10:57 . 2009-01-29 16:55 <DIR> d-------- c:\documents and settings\Sawyer\Plocha
2009-01-25 10:57 . 2009-01-17 00:43 <DIR> d--h----- c:\documents and settings\Sawyer\Okolní tiskárny
2009-01-25 10:57 . 2009-01-28 20:02 <DIR> d--h----- c:\documents and settings\Sawyer\Okolní síť
2009-01-25 10:57 . 2009-01-25 18:21 <DIR> dr------- c:\documents and settings\Sawyer\Oblíbené položky
2009-01-25 10:57 . 2009-01-25 11:01 <DIR> d--h----- c:\documents and settings\Sawyer\Šablony
2009-01-25 10:57 . 2009-01-25 11:15 <DIR> dr------- c:\documents and settings\Sawyer\Nabídka Start
2009-01-25 10:57 . 2009-01-28 21:00 <DIR> dr------- c:\documents and settings\Sawyer\Dokumenty
2009-01-25 10:57 . 2009-01-28 21:06 <DIR> dr-h----- c:\documents and settings\Sawyer\Data aplikací
2009-01-25 10:57 . 2009-01-28 19:32 <DIR> d-------- c:\documents and settings\Sawyer
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Lavasoft
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Lavasoft
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Ironclad Games
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Ironclad Games
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\ICQLite
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\ICQLite
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\ICQ
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\ICQ
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\IcoFX
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\IcoFX
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Hamachi
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Hamachi
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\GRETECH
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\GRETECH
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\DAEMON Tools
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\DAEMON Tools
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Command & Conquer 3 Tiberium Wars
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Command & Conquer 3 Tiberium Wars
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Command & Conquer 3 Kane's Wrath
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Command & Conquer 3 Kane's Wrath
2009-01-25 10:35 . 2009-01-25 10:35 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\nView_Profiles
2009-01-25 10:35 . 2009-01-25 10:35 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\nView_Profiles
2009-01-25 10:35 . 2009-01-25 10:35 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\My The Lord of the Rings, The Rise of the Witch-king Files
2009-01-25 10:35 . 2009-01-25 10:35 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\My The Lord of the Rings, The Rise of the Witch-king Files
2009-01-25 10:35 . 2009-01-25 10:35 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\My Battle for Middle-earth(tm) II Files
2009-01-25 10:35 . 2009-01-25 10:35 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\My Battle for Middle-earth(tm) II Files
2009-01-25 10:35 . 2009-01-25 10:35 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\My Battle for Middle-earth Files
2009-01-25 10:35 . 2009-01-25 10:35 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\My Battle for Middle-earth Files
2009-01-25 10:34 . 2009-01-25 10:34 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\WorldShift
2009-01-25 10:34 . 2009-01-25 10:34 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\WorldShift
2009-01-25 10:34 . 2009-01-28 21:10 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\uTorrent
2009-01-25 10:34 . 2009-01-28 21:10 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\uTorrent
2009-01-25 10:34 . 2009-01-25 10:34 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\teamspeak2
2009-01-25 10:34 . 2009-01-25 10:34 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\teamspeak2
2009-01-25 10:34 . 2009-01-25 10:34 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Spybot - Search & Destroy
2009-01-25 10:34 . 2009-01-25 10:34 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Spybot - Search & Destroy
2009-01-25 10:34 . 2009-01-25 10:34 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Skype
2009-01-25 10:34 . 2009-01-25 10:34 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Skype
2009-01-25 10:34 . 2009-01-25 10:34 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\QIP
2009-01-25 10:34 . 2009-01-25 10:34 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\QIP
2009-01-25 10:30 . 2009-01-25 10:30 <DIR> d-------- c:\documents and settings\Sawyer\dwhelper
2009-01-25 10:29 . 2009-01-25 11:01 <DIR> d-------- c:\documents and settings\Tony Stark\Sawyer
2009-01-25 09:45 . 2009-01-28 22:30 <DIR> d-------- c:\documents and settings\Tony Stark\Data aplikací\uTorrent
2009-01-24 10:30 . 2009-01-24 10:39 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Stardock
2009-01-24 10:30 . 2009-01-24 10:30 <DIR> d--h-c--- c:\documents and settings\All Users\Data aplikací\{CC8D4389-E989-40EE-AF09-2330B1EE8BF7}
2009-01-20 19:24 . 2009-01-20 19:24 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-01-20 19:21 . 2009-01-20 19:21 22,328 --a------ c:\documents and settings\Tony Stark\Data aplikací\PnkBstrK.sys
2009-01-20 19:20 . 2009-01-20 19:20 2,250,024 --a------ c:\windows\system32\pbsvc.exe
2009-01-20 19:17 . 2009-01-20 19:17 0 --a------ c:\windows\nsreg.dat
2009-01-19 18:02 . 2009-01-19 18:02 <DIR> d-------- c:\program files\Codec Pack - All In 1
2009-01-19 18:02 . 2009-01-19 18:02 737,280 --a------ c:\windows\iun6002.exe
2009-01-18 22:20 . 2009-01-18 22:20 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-01-18 18:39 . 2009-01-18 18:47 <DIR> d-------- c:\program files\Screaming Bee
2009-01-18 18:34 . 2009-01-18 18:34 <DIR> d-------- c:\program files\Common Files\Screaming Bee
2009-01-18 18:29 . 2009-01-18 18:30 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Screaming Bee
2009-01-18 12:47 . 2009-01-18 12:48 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Lavasoft
2009-01-18 12:23 . 2008-02-22 12:30 334,792 --a------ c:\windows\system32\_AxShlEx.dll
2009-01-18 11:50 . 2009-01-18 11:51 <DIR> d-------- c:\program files\Google
2009-01-17 21:21 . 2009-01-17 21:21 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Iomatic
2009-01-17 21:12 . 2009-01-17 21:12 <DIR> d-------- c:\documents and settings\Tony Stark\Data aplikací\GlarySoft
2009-01-17 21:10 . 2005-12-05 18:07 63,696 --a------ c:\windows\system32\dxdllreg.exe
2009-01-17 21:10 . 2002-12-12 00:14 12,288 --a------ c:\windows\system32\ksolay.ax
2009-01-17 21:10 . 2008-04-14 00:09 5,504 --a------ c:\windows\system32\drivers\mstee.sys
2009-01-17 21:05 . 2009-01-17 21:05 <DIR> d-------- c:\documents and settings\Tony Stark\Data aplikací\DAEMON Tools
2009-01-17 21:03 . 2009-01-29 15:02 <DIR> d-------- c:\documents and settings\Tony Stark\Plocha
2009-01-17 21:03 . 2009-01-17 00:43 <DIR> d--h----- c:\documents and settings\Tony Stark\Okolní tiskárny
2009-01-17 21:03 . 2009-01-17 00:43 <DIR> d--h----- c:\documents and settings\Tony Stark\Okolní síť
2009-01-17 21:03 . 2009-01-25 19:24 <DIR> dr------- c:\documents and settings\Tony Stark\Oblíbené položky
2009-01-17 21:03 . 2009-01-16 23:46 <DIR> d--h----- c:\documents and settings\Tony Stark\Šablony
2009-01-17 21:03 . 2009-01-17 00:43 <DIR> dr------- c:\documents and settings\Tony Stark\Nabídka Start
2009-01-17 21:03 . 2009-01-29 16:04 <DIR> dr------- c:\documents and settings\Tony Stark\Dokumenty
2009-01-17 21:03 . 2009-01-26 19:33 <DIR> dr-h----- c:\documents and settings\Tony Stark\Data aplikací
2009-01-17 21:03 . 2009-01-29 16:05 <DIR> d-------- c:\documents and settings\Tony Stark
2009-01-17 18:50 . 2009-01-17 18:54 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-01-17 18:49 . 2009-01-17 19:00 <DIR> d-------- c:\windows\NV28122852.TMP
2009-01-17 17:31 . 2009-01-17 17:31 25,280 --a------ c:\windows\system32\drivers\hamachi.sys
2009-01-17 16:17 . 2008-04-14 08:51 82,432 --a------ c:\windows\system32\cnbjmon2.dll
2009-01-17 16:17 . 2008-04-14 08:51 82,432 --a------ c:\windows\system32\cnbjmon2(2).dll
2009-01-17 16:17 . 2001-10-24 11:15 50,486 --a------ c:\windows\system32\CNBJHLP2.HLP
2009-01-17 16:17 . 2001-10-24 11:15 1,216 --a------ c:\windows\system32\CNBJHLP2.CNT
2009-01-17 15:59 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-01-17 15:58 . 2009-01-17 15:58 <DIR> d-------- c:\program files\Microsoft Works
2009-01-17 15:57 . 2009-01-17 15:57 <DIR> d-------- c:\program files\Microsoft.NET
2009-01-17 15:55 . 2009-01-17 15:57 <DIR> d-------- c:\windows\SHELLNEW
2009-01-17 15:55 . 2009-01-17 15:55 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2009-01-17 15:55 . 2009-01-17 15:59 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-01-17 15:54 . 2009-01-17 15:54 <DIR> dr-h----- C:\MSOCache
2009-01-17 15:00 . 2009-01-17 00:47 211 -rahs---- C:\BOOT.BKK
2009-01-17 14:24 . 2009-01-17 14:24 <DIR> d-------- c:\windows\system32\drivers\umdf
2009-01-17 14:23 . 2009-01-17 14:23 <DIR> d-------- c:\windows\system32\xlive
2009-01-17 14:23 . 2009-01-17 14:39 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2009-01-17 14:18 . 2009-01-17 14:18 <DIR> d-------- c:\program files\MSBuild
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-25 11:05 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-25 11:04 16,608 ----a-w c:\windows\gdrv.sys
2009-01-16 23:16 --------- d-----w c:\program files\Creative
2009-01-16 23:16 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-16 23:14 --------- d-----w c:\program files\Browser Configuration Utility
2009-01-16 23:13 --------- d-----w c:\program files\Realtek
2009-01-16 23:12 315,392 ----a-w c:\windows\HideWin.exe
2009-01-16 23:07 --------- d-----w c:\program files\Intel
2009-01-16 22:48 558,142 ----a-w c:\windows\java\Packages\Q71FRZ9J.ZIP
2009-01-16 22:48 155,995 ----a-w c:\windows\java\Packages\5RJPBPNP.ZIP
2009-01-16 22:48 --------- d-----w c:\program files\microsoft frontpage
2008-12-25 23:08 453,152 ----a-w c:\windows\system32\nvudisp.exe
2008-12-23 20:58 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-12-10 08:45 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
2008-12-04 08:28 24,344 ----a-w c:\windows\system32\PhysXDevice.dll
2008-11-26 07:55 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
2008-11-25 07:38 288,024 ----a-w c:\windows\system32\PhysXCompatCplUI.exe
2008-11-22 10:46 1,222,745 ----a-w C:\1195571164_sb_maturitnotzky.zip
2008-11-11 19:00 218,376 ----a-w c:\windows\system32\klogon.dll
.
((((((((((((((((((((((((((((( snapshot@2009-01-29_15.24.53.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-29 14:11:47 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-29 14:33:14 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-29 14:11:47 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-29 14:33:14 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-29 14:11:48 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-29 14:33:14 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-29 14:09:57 7,533,600 --sha-w c:\windows\system32\drivers\fidbox.dat
+ 2009-01-29 14:31:26 7,533,600 --sha-w c:\windows\system32\drivers\fidbox.dat
- 2009-01-29 14:09:57 753,696 --sha-w c:\windows\system32\drivers\fidbox2.dat
+ 2009-01-29 14:31:26 753,696 --sha-w c:\windows\system32\drivers\fidbox2.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-11-11 206088]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 c:\windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 c:\windows\alcwzrd.exe]
"nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\program files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 2006-05-24 19:31 1372160 c:\program files\TGTSoft\StyleXP\StyleXP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RTHDCPL"=RTHDCPL.EXE
"UpdReg"=c:\windows\UpdReg.EXE
"WINDVDPatch"=CTHELPER.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Data D\\uTorrent\\utorrent.exe"=
"e:\\HRY\\gta4\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"e:\\HRY\\gta4\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"e:\\HRY\\gta4\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\QIP\\qip.exe"=
"c:\\Hry\\hamachi\\hamachi.exe"=
"e:\\HRY\\bfme2\\game.dat"=
"e:\\HRY\\FarCry2\\Far Cry 2\\bin\\FarCry2.exe"=
"e:\\HRY\\FarCry2\\Far Cry 2\\bin\\FC2Launcher.exe"=
"e:\\HRY\\FarCry2\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Hry\\Skype\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2002-09-23 69120]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-01-17 23064]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\datad\everest\EVEREST Ultimate Edition\kerneld.wnt [2009-01-17 23152]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {0778CFBE-23CA-475F-AEB9-3AB154119DC6} = 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Sawyer\Data aplikací\Mozilla\Firefox\Profiles\d48kfs1q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\Sawyer\Data aplikací\Mozilla\Firefox\Profiles\d48kfs1q.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\data d\Mozilla Firefox\plugins\npnul32.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-29 16:57:11
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
"ImagePath"="\??\c:\datad\everest\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
Celkový čas: 2009-01-29 16:58:06
ComboFix-quarantined-files.txt 2009-01-29 15:58:04
ComboFix2.txt 2009-01-29 14:40:27
ComboFix3.txt 2009-01-29 14:26:13
Před spuštěním: Volných bajtů: 39 344 197 632
Po spuštění: Volných bajtů: 39,345,725,440
278
new HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:01:45, on 29.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\Data D\Ad-Aware SE Personal\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Data D\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Data D\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1292428093-1682526488-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Tony Stark')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{0778CFBE-23CA-475F-AEB9-3AB154119DC6}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0778CFBE-23CA-475F-AEB9-3AB154119DC6}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0778CFBE-23CA-475F-AEB9-3AB154119DC6}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{0778CFBE-23CA-475F-AEB9-3AB154119DC6}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Data D\Ad-Aware SE Personal\aawservice.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Data D\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
--
End of file - 6153 bytes
VirusTotal results
both files were clean
ComboFix 09-01-21.04 - Sawyer 2009-01-29 16:56:03.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.1.1029.18.3326.2829 [GMT 1:00]
Spuštěný z: c:\documents and settings\Sawyer\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Sawyer\Plocha\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Vytvořen nový Bod Obnovení
FILE ::
c:\windows\000001_.tmp
c:\windows\imsins.BAK
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\000001_.tmp
c:\windows\imsins.BAK
.
((((((((((((((((((((((((( Soubory vytvořené od 2008-12-28 do 2009-01-29 )))))))))))))))))))))))))))))))
.
2009-01-29 00:10 . 2009-01-29 00:10 0 --a------ C:\23990098.$$$
2009-01-28 22:16 . 2009-01-28 22:16 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\MicroWorld
2009-01-28 22:16 . 2009-01-28 22:16 626,688 --a------ c:\windows\system32\msvcr80.dll
2009-01-28 22:16 . 2009-01-28 22:16 548,864 --a------ c:\windows\system32\msvcp80.dll
2009-01-28 22:16 . 2008-04-14 08:52 147,968 --a------ c:\windows\R.COM
2009-01-28 22:16 . 2008-04-14 08:52 137,216 --a------ c:\windows\system32\T.COM
2009-01-28 22:16 . 2009-01-28 22:16 28,672 --a------ c:\windows\system32\eEmpty.exe
2009-01-28 22:16 . 2005-09-22 23:22 522 --a------ c:\windows\system32\Microsoft.VC80.CRT.manifest
2009-01-28 22:16 . 2009-01-28 22:31 54 --a------ c:\windows\Lic.xxx
2009-01-28 21:06 . 2009-01-28 21:06 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\GlarySoft
2009-01-28 21:06 . 2009-01-28 21:06 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\GlarySoft
2009-01-28 19:45 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-28 19:45 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-01-28 19:36 . 2009-01-28 19:41 <DIR> d-------- c:\windows\LastGood(2)
2009-01-28 19:36 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-01-28 19:19 . 2009-01-28 20:59 <DIR> d-------- c:\program files\Windows Media Connect 2
2009-01-26 19:33 . 2009-01-26 19:33 <DIR> d-------- c:\documents and settings\Tony Stark\Data aplikací\LANGMaster
2009-01-26 15:03 . 2009-01-26 15:21 <DIR> d-------- c:\windows\NV35601280.TMP
2009-01-26 14:51 . 2009-01-26 14:51 <DIR> d-------- c:\program files\SystemRequirementsLab
2009-01-25 21:03 . 2004-08-17 16:49 219,648 --a------ c:\windows\system32\uxtheme.dll
2009-01-25 18:09 . 2007-01-05 21:33 8,257,536 -----c--- c:\windows\system32\dllcache\wmploc.dll
2009-01-25 18:08 . 2008-04-14 00:10 10,240 --------- c:\windows\system32\drivers\sffp_mmc.sys
2009-01-25 17:26 . 2009-01-25 17:26 <DIR> d---s---- c:\documents and settings\Sawyer\UserData
2009-01-25 14:20 . 2009-01-25 17:22 407 --a------ c:\windows\BRWMARK.INI
2009-01-25 10:57 . 2009-01-29 16:55 <DIR> d-------- c:\documents and settings\Sawyer\Plocha
2009-01-25 10:57 . 2009-01-17 00:43 <DIR> d--h----- c:\documents and settings\Sawyer\Okolní tiskárny
2009-01-25 10:57 . 2009-01-28 20:02 <DIR> d--h----- c:\documents and settings\Sawyer\Okolní síť
2009-01-25 10:57 . 2009-01-25 18:21 <DIR> dr------- c:\documents and settings\Sawyer\Oblíbené položky
2009-01-25 10:57 . 2009-01-25 11:01 <DIR> d--h----- c:\documents and settings\Sawyer\Šablony
2009-01-25 10:57 . 2009-01-25 11:15 <DIR> dr------- c:\documents and settings\Sawyer\Nabídka Start
2009-01-25 10:57 . 2009-01-28 21:00 <DIR> dr------- c:\documents and settings\Sawyer\Dokumenty
2009-01-25 10:57 . 2009-01-28 21:06 <DIR> dr-h----- c:\documents and settings\Sawyer\Data aplikací
2009-01-25 10:57 . 2009-01-28 19:32 <DIR> d-------- c:\documents and settings\Sawyer
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Lavasoft
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Lavasoft
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Ironclad Games
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Ironclad Games
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\ICQLite
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\ICQLite
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\ICQ
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\ICQ
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\IcoFX
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\IcoFX
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Hamachi
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Hamachi
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\GRETECH
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\GRETECH
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\DAEMON Tools
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\DAEMON Tools
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Command & Conquer 3 Tiberium Wars
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Command & Conquer 3 Tiberium Wars
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Command & Conquer 3 Kane's Wrath
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Command & Conquer 3 Kane's Wrath
2009-01-25 10:35 . 2009-01-25 10:35 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\nView_Profiles
2009-01-25 10:35 . 2009-01-25 10:35 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\nView_Profiles
2009-01-25 10:35 . 2009-01-25 10:35 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\My The Lord of the Rings, The Rise of the Witch-king Files
2009-01-25 10:35 . 2009-01-25 10:35 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\My The Lord of the Rings, The Rise of the Witch-king Files
2009-01-25 10:35 . 2009-01-25 10:35 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\My Battle for Middle-earth(tm) II Files
2009-01-25 10:35 . 2009-01-25 10:35 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\My Battle for Middle-earth(tm) II Files
2009-01-25 10:35 . 2009-01-25 10:35 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\My Battle for Middle-earth Files
2009-01-25 10:35 . 2009-01-25 10:35 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\My Battle for Middle-earth Files
2009-01-25 10:34 . 2009-01-25 10:34 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\WorldShift
2009-01-25 10:34 . 2009-01-25 10:34 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\WorldShift
2009-01-25 10:34 . 2009-01-28 21:10 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\uTorrent
2009-01-25 10:34 . 2009-01-28 21:10 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\uTorrent
2009-01-25 10:34 . 2009-01-25 10:34 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\teamspeak2
2009-01-25 10:34 . 2009-01-25 10:34 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\teamspeak2
2009-01-25 10:34 . 2009-01-25 10:34 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Spybot - Search & Destroy
2009-01-25 10:34 . 2009-01-25 10:34 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Spybot - Search & Destroy
2009-01-25 10:34 . 2009-01-25 10:34 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Skype
2009-01-25 10:34 . 2009-01-25 10:34 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\Skype
2009-01-25 10:34 . 2009-01-25 10:34 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\QIP
2009-01-25 10:34 . 2009-01-25 10:34 <DIR> d-------- c:\documents and settings\Sawyer\Data aplikací\QIP
2009-01-25 10:30 . 2009-01-25 10:30 <DIR> d-------- c:\documents and settings\Sawyer\dwhelper
2009-01-25 10:29 . 2009-01-25 11:01 <DIR> d-------- c:\documents and settings\Tony Stark\Sawyer
2009-01-25 09:45 . 2009-01-28 22:30 <DIR> d-------- c:\documents and settings\Tony Stark\Data aplikací\uTorrent
2009-01-24 10:30 . 2009-01-24 10:39 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Stardock
2009-01-24 10:30 . 2009-01-24 10:30 <DIR> d--h-c--- c:\documents and settings\All Users\Data aplikací\{CC8D4389-E989-40EE-AF09-2330B1EE8BF7}
2009-01-20 19:24 . 2009-01-20 19:24 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-01-20 19:21 . 2009-01-20 19:21 22,328 --a------ c:\documents and settings\Tony Stark\Data aplikací\PnkBstrK.sys
2009-01-20 19:20 . 2009-01-20 19:20 2,250,024 --a------ c:\windows\system32\pbsvc.exe
2009-01-20 19:17 . 2009-01-20 19:17 0 --a------ c:\windows\nsreg.dat
2009-01-19 18:02 . 2009-01-19 18:02 <DIR> d-------- c:\program files\Codec Pack - All In 1
2009-01-19 18:02 . 2009-01-19 18:02 737,280 --a------ c:\windows\iun6002.exe
2009-01-18 22:20 . 2009-01-18 22:20 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-01-18 18:39 . 2009-01-18 18:47 <DIR> d-------- c:\program files\Screaming Bee
2009-01-18 18:34 . 2009-01-18 18:34 <DIR> d-------- c:\program files\Common Files\Screaming Bee
2009-01-18 18:29 . 2009-01-18 18:30 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Screaming Bee
2009-01-18 12:47 . 2009-01-18 12:48 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Lavasoft
2009-01-18 12:23 . 2008-02-22 12:30 334,792 --a------ c:\windows\system32\_AxShlEx.dll
2009-01-18 11:50 . 2009-01-18 11:51 <DIR> d-------- c:\program files\Google
2009-01-17 21:21 . 2009-01-17 21:21 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Iomatic
2009-01-17 21:12 . 2009-01-17 21:12 <DIR> d-------- c:\documents and settings\Tony Stark\Data aplikací\GlarySoft
2009-01-17 21:10 . 2005-12-05 18:07 63,696 --a------ c:\windows\system32\dxdllreg.exe
2009-01-17 21:10 . 2002-12-12 00:14 12,288 --a------ c:\windows\system32\ksolay.ax
2009-01-17 21:10 . 2008-04-14 00:09 5,504 --a------ c:\windows\system32\drivers\mstee.sys
2009-01-17 21:05 . 2009-01-17 21:05 <DIR> d-------- c:\documents and settings\Tony Stark\Data aplikací\DAEMON Tools
2009-01-17 21:03 . 2009-01-29 15:02 <DIR> d-------- c:\documents and settings\Tony Stark\Plocha
2009-01-17 21:03 . 2009-01-17 00:43 <DIR> d--h----- c:\documents and settings\Tony Stark\Okolní tiskárny
2009-01-17 21:03 . 2009-01-17 00:43 <DIR> d--h----- c:\documents and settings\Tony Stark\Okolní síť
2009-01-17 21:03 . 2009-01-25 19:24 <DIR> dr------- c:\documents and settings\Tony Stark\Oblíbené položky
2009-01-17 21:03 . 2009-01-16 23:46 <DIR> d--h----- c:\documents and settings\Tony Stark\Šablony
2009-01-17 21:03 . 2009-01-17 00:43 <DIR> dr------- c:\documents and settings\Tony Stark\Nabídka Start
2009-01-17 21:03 . 2009-01-29 16:04 <DIR> dr------- c:\documents and settings\Tony Stark\Dokumenty
2009-01-17 21:03 . 2009-01-26 19:33 <DIR> dr-h----- c:\documents and settings\Tony Stark\Data aplikací
2009-01-17 21:03 . 2009-01-29 16:05 <DIR> d-------- c:\documents and settings\Tony Stark
2009-01-17 18:50 . 2009-01-17 18:54 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-01-17 18:49 . 2009-01-17 19:00 <DIR> d-------- c:\windows\NV28122852.TMP
2009-01-17 17:31 . 2009-01-17 17:31 25,280 --a------ c:\windows\system32\drivers\hamachi.sys
2009-01-17 16:17 . 2008-04-14 08:51 82,432 --a------ c:\windows\system32\cnbjmon2.dll
2009-01-17 16:17 . 2008-04-14 08:51 82,432 --a------ c:\windows\system32\cnbjmon2(2).dll
2009-01-17 16:17 . 2001-10-24 11:15 50,486 --a------ c:\windows\system32\CNBJHLP2.HLP
2009-01-17 16:17 . 2001-10-24 11:15 1,216 --a------ c:\windows\system32\CNBJHLP2.CNT
2009-01-17 15:59 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-01-17 15:58 . 2009-01-17 15:58 <DIR> d-------- c:\program files\Microsoft Works
2009-01-17 15:57 . 2009-01-17 15:57 <DIR> d-------- c:\program files\Microsoft.NET
2009-01-17 15:55 . 2009-01-17 15:57 <DIR> d-------- c:\windows\SHELLNEW
2009-01-17 15:55 . 2009-01-17 15:55 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2009-01-17 15:55 . 2009-01-17 15:59 <DIR> d-------- c:\documents and settings\All Users\Data aplikací\Microsoft Help
2009-01-17 15:54 . 2009-01-17 15:54 <DIR> dr-h----- C:\MSOCache
2009-01-17 15:00 . 2009-01-17 00:47 211 -rahs---- C:\BOOT.BKK
2009-01-17 14:24 . 2009-01-17 14:24 <DIR> d-------- c:\windows\system32\drivers\umdf
2009-01-17 14:23 . 2009-01-17 14:23 <DIR> d-------- c:\windows\system32\xlive
2009-01-17 14:23 . 2009-01-17 14:39 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2009-01-17 14:18 . 2009-01-17 14:18 <DIR> d-------- c:\program files\MSBuild
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-25 11:05 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-25 11:04 16,608 ----a-w c:\windows\gdrv.sys
2009-01-16 23:16 --------- d-----w c:\program files\Creative
2009-01-16 23:16 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-16 23:14 --------- d-----w c:\program files\Browser Configuration Utility
2009-01-16 23:13 --------- d-----w c:\program files\Realtek
2009-01-16 23:12 315,392 ----a-w c:\windows\HideWin.exe
2009-01-16 23:07 --------- d-----w c:\program files\Intel
2009-01-16 22:48 558,142 ----a-w c:\windows\java\Packages\Q71FRZ9J.ZIP
2009-01-16 22:48 155,995 ----a-w c:\windows\java\Packages\5RJPBPNP.ZIP
2009-01-16 22:48 --------- d-----w c:\program files\microsoft frontpage
2008-12-25 23:08 453,152 ----a-w c:\windows\system32\nvudisp.exe
2008-12-23 20:58 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-12-10 08:45 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
2008-12-04 08:28 24,344 ----a-w c:\windows\system32\PhysXDevice.dll
2008-11-26 07:55 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
2008-11-25 07:38 288,024 ----a-w c:\windows\system32\PhysXCompatCplUI.exe
2008-11-22 10:46 1,222,745 ----a-w C:\1195571164_sb_maturitnotzky.zip
2008-11-11 19:00 218,376 ----a-w c:\windows\system32\klogon.dll
.
((((((((((((((((((((((((((((( snapshot@2009-01-29_15.24.53.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-29 14:11:47 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-29 14:33:14 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-29 14:11:47 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-29 14:33:14 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-29 14:11:48 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-29 14:33:14 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-29 14:09:57 7,533,600 --sha-w c:\windows\system32\drivers\fidbox.dat
+ 2009-01-29 14:31:26 7,533,600 --sha-w c:\windows\system32\drivers\fidbox.dat
- 2009-01-29 14:09:57 753,696 --sha-w c:\windows\system32\drivers\fidbox2.dat
+ 2009-01-29 14:31:26 753,696 --sha-w c:\windows\system32\drivers\fidbox2.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-11-11 206088]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 c:\windows\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 c:\windows\alcwzrd.exe]
"nwiz"="nwiz.exe" [2009-01-15 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\program files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 2006-05-24 19:31 1372160 c:\program files\TGTSoft\StyleXP\StyleXP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"RTHDCPL"=RTHDCPL.EXE
"UpdReg"=c:\windows\UpdReg.EXE
"WINDVDPatch"=CTHELPER.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Data D\\uTorrent\\utorrent.exe"=
"e:\\HRY\\gta4\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"e:\\HRY\\gta4\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"e:\\HRY\\gta4\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\QIP\\qip.exe"=
"c:\\Hry\\hamachi\\hamachi.exe"=
"e:\\HRY\\bfme2\\game.dat"=
"e:\\HRY\\FarCry2\\Far Cry 2\\bin\\FarCry2.exe"=
"e:\\HRY\\FarCry2\\Far Cry 2\\bin\\FC2Launcher.exe"=
"e:\\HRY\\FarCry2\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Hry\\Skype\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
R3 PSched;Plánovač paketů technologie QoS;c:\windows\system32\drivers\psched.sys [2002-09-23 69120]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-01-17 23064]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\datad\everest\EVEREST Ultimate Edition\kerneld.wnt [2009-01-17 23152]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: {0778CFBE-23CA-475F-AEB9-3AB154119DC6} = 192.168.1.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Sawyer\Data aplikací\Mozilla\Firefox\Profiles\d48kfs1q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\documents and settings\Sawyer\Data aplikací\Mozilla\Firefox\Profiles\d48kfs1q.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\data d\Mozilla Firefox\plugins\npnul32.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-29 16:57:11
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\EverestDriver]
"ImagePath"="\??\c:\datad\everest\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
Celkový čas: 2009-01-29 16:58:06
ComboFix-quarantined-files.txt 2009-01-29 15:58:04
ComboFix2.txt 2009-01-29 14:40:27
ComboFix3.txt 2009-01-29 14:26:13
Před spuštěním: Volných bajtů: 39 344 197 632
Po spuštění: Volných bajtů: 39,345,725,440
278
new HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:01:45, on 29.1.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\Data D\Ad-Aware SE Personal\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Data D\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Data D\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1292428093-1682526488-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Tony Stark')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\..\{0778CFBE-23CA-475F-AEB9-3AB154119DC6}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0778CFBE-23CA-475F-AEB9-3AB154119DC6}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{0778CFBE-23CA-475F-AEB9-3AB154119DC6}: NameServer = 192.168.1.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{0778CFBE-23CA-475F-AEB9-3AB154119DC6}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Data D\Ad-Aware SE Personal\aawservice.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Data D\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
--
End of file - 6153 bytes
VirusTotal results:
both files were clean
- jaro3
- member of the Security team
Re: asking for advice on a log from MWAV
Close all other applications and browsers, disconnect from the internet, and fix this entry in HJT:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
ComboFix is uninstalled like this:
Start > Run and enter ComboFix[space]/u
So if there are no problems, clean the system with CCleaner
and also use T-Cleaner;
it deletes everything left behind by ComboFix, SDFix, Avenger, MWAV, etc. Download it, then run it.
Download ATF Cleaner.
Double-click ATF Cleaner.exe, click select all found, then click empty selected.
If you want to keep your saved passwords, click No.
Install Java:
Java SE Runtime Environment 6u11
Select the OS (Windows, I assume), tick agree, then continue.
Select:
Windows Offline Installation
jre-6u11-windows-i586-p.exe
If there are no problems, that is all.
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: asking for advice on a log from MWAV (Solved)
Thanks for the help,
it runs without problems
